﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data.SqlClient;

namespace FYPHP
{
    public partial class ProductEdit : System.Web.UI.Page
    {
        SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["fyphp"].ConnectionString);

        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                String ProductUploadUserID;

                SqlCommand cmdSearch,cmdCheckUploadUser;
                SqlDataReader dtrSearch,dtrCheckUploadUser;
                conn.Open();

                /* Checking*/
                cmdCheckUploadUser = new SqlCommand("SELECT * FROM Products p WHERE p_id=@id", conn);
                cmdCheckUploadUser.Parameters.AddWithValue("@id", Request.QueryString["id"]);
                dtrCheckUploadUser = cmdCheckUploadUser.ExecuteReader();

                dtrCheckUploadUser.Read();

                ProductUploadUserID = dtrCheckUploadUser["u_id"].ToString();

                dtrCheckUploadUser.Close();

                cmdSearch = new SqlCommand("SELECT cat_name FROM Category WHERE cat_status='publish' ORDER BY cat_name", conn);
                dtrSearch = cmdSearch.ExecuteReader();
                ddlCat.DataSource = dtrSearch;
                ddlCat.DataTextField = "cat_name";
                ddlCat.DataBind();
                dtrSearch.Close();

                if (Session["ID"] != null || Session["Role"] != null)
                {
                    if (Session["ID"].ToString().Equals(ProductUploadUserID) || Session["Role"].ToString().Equals("Admin"))
                    {
                        cmdSearch = new SqlCommand("SELECT * FROM Products p, Users u, Category c WHERE c.cat_id=p.p_category AND p.u_id=u.u_id AND p.p_id=@id", conn);
                        cmdSearch.Parameters.AddWithValue("@id", Request.QueryString["id"]);
                        dtrSearch = cmdSearch.ExecuteReader();

                        dtrSearch.Read();

                        txtName.Text = dtrSearch["p_name"].ToString();
                        txtDesc.Text = dtrSearch["p_desc"].ToString();
                        txtQuan.Text = dtrSearch["p_quantity"].ToString();
                        txtPrice.Text = dtrSearch["p_price"].ToString();
                        ddlCat.SelectedValue = dtrSearch["cat_name"].ToString();

                        dtrSearch.Close();
                        conn.Close();
                    }
                    else
                    {
                        conn.Close();
                        MessageBox("Invalid User");
                        Redirect("ProductManage.aspx");
                    }
                }
            }
        }

        protected void UploadButton_Click(object sender, EventArgs e)
        {
            String saveDir = @"\uploads\products\";
            string appPath = Request.PhysicalApplicationPath;

            if (FileUpload1.HasFile)
            {
                string savePath = appPath + saveDir + Server.HtmlEncode(FileUpload1.FileName);
                String fileName = FileUpload1.FileName;

                FileUpload1.SaveAs(savePath);

                SqlCommand cmdIn;
                conn.Open();

                cmdIn = new SqlCommand("UPDATE Products SET p_picture=@p WHERE p_id=@id", conn);
                cmdIn.Parameters.AddWithValue("@p", fileName);
                cmdIn.Parameters.AddWithValue("@id", Request.QueryString["id"]);
                cmdIn.ExecuteNonQuery();

                conn.Close();
                MessageBox("Your file was saved as " + fileName + ".");
                Redirect("ProductEdit.aspx?id=" + Request.QueryString["id"]);
            }
            else
            {
                MessageBox("You did not specify a file to upload.");
            }

        }

        protected void btnUpdate_Click(object sender, EventArgs e)
        {
            SqlCommand cmdIn, cmdSearch;
            conn.Open();

            cmdSearch = new SqlCommand("SELECT cat_id FROM Category WHERE cat_name='" + ddlCat.SelectedValue + "'", conn);
            String catid = cmdSearch.ExecuteScalar().ToString();

            cmdIn = new SqlCommand("UPDATE Products SET p_name=@name, p_desc=@desc, p_quantity=@quan, p_price=@price, p_category=@cat WHERE p_id=@id", conn);
            cmdIn.Parameters.AddWithValue("@name", txtName.Text);
            cmdIn.Parameters.AddWithValue("@desc", txtDesc.Text);
            cmdIn.Parameters.AddWithValue("@quan", txtQuan.Text);
            cmdIn.Parameters.AddWithValue("@price", txtPrice.Text);
            cmdIn.Parameters.AddWithValue("@cat", catid);
            cmdIn.Parameters.AddWithValue("@id", Request.QueryString["id"]);
            cmdIn.ExecuteNonQuery();

            conn.Close();
            MessageBox("Update Successfully.");
        }

        public string getPic()
        {
            SqlCommand cmdSearch;
            SqlDataReader dtrSearch;
            conn.Open();

            cmdSearch = new SqlCommand("Select p_picture From Products Where p_id=@id", conn);
            cmdSearch.Parameters.AddWithValue("@id", Request.QueryString["id"]);
            //cmdSearch.Parameters.AddWithValue("@id", 1);
            dtrSearch = cmdSearch.ExecuteReader();

            dtrSearch.Read();
            String pic = dtrSearch["p_picture"].ToString();

            dtrSearch.Close();
            conn.Close();

            return pic;

        }

        private void MessageBox(string msg)
        {
            Label lbl = new Label();
            lbl.Text = "<script language='javascript'>" + Environment.NewLine + "window.alert('" + msg + "')</script>";
            Page.Controls.Add(lbl);
        }

        private void Redirect(string msg)
        {
            Label lbl = new Label();
            lbl.Text = "<script language=\"javascript\">window.location='" + msg + "';</script>";
            Page.Controls.Add(lbl);
        }

        protected void btnReset_Click(object sender, EventArgs e)
        {
            Redirect("ProductEdit.aspx");
        }

    }
}